<?php

    class LoginController extends Controller{

        var $session_id_ttl;
        
        function __construct(){
            parent::__construct();
            Parameter::initParam();
        }

        function index(){
            
            if (isset($_SESSION['userID'])) {
                $login = new Login();
                
                if ($login->get($_SESSION['userID']))
                    if ($_GET['c'] == 'Login')
                        Header( "Location: ".SITE_URL."?c=GetThePicture" );
            }
            
            $section = "login";
            $title = _LB_LOGIN;
            $this->vars['title'] = $title;
            $cfer = new Cfer(array(
            $title => SITE_URL.'?c=Login'));
            
            $return_link = '';//$this->input->get_post('return_link');

            $login = new Login();

            if (!isset($_POST["login"])) {
                $_SERVER['REQUEST_URI'] = urldecode($_SERVER['REQUEST_URI']);
                $pos = strpos($_SERVER['REQUEST_URI'],'=');
                $return_link = substr($_SERVER['REQUEST_URI'],$pos+1);
                $this->vars['return_link'] = $return_link;
                $this->display('login');
            }
            else {
                // check if user login is deactivated or not
                if (isset($_POST['login']) && $login->isDeactivated($_POST['login']))
                {
                    $errors[] = _LB_ACCOUNT_DEACTIVATED;
                    $this->vars["message_error"] = $errors;
                    $this->vars["login"] = $_POST['login'];
                    $this->load->view('login.php', $this->vars);
                } else {
                    //check user login
                    $acces = null;

                    if (isset($_POST["login"]) && isset($_POST["pwd"]))
                    {
                        // free all SESSION variables
                        //base_url('login');

                        // check and use SHA1 to encode password
                        $acces = connecter_utilisateur($_POST["login"], $_POST["pwd"]);
                    }

                    if ($acces <> NULL && $acces->isAllowedAccessProject())
                    {
                        $acces->updateLogin();

                        $_SESSION["userID"] = $acces->id;
                        $_SESSION["is_controller"] = $acces->is_controller;
                        if ($acces->is_controller == ADMIN_SUPPORT)
                        {
                            $_SESSION["userClasse"] = "user_support";
                        } else if ($acces->is_controller == ADMIN) {
                            $_SESSION["userClasse"] = "user_admin";
                        } else if ($acces->is_controller == MANAGER) {
                            $_SESSION["userClasse"] = "user_manager";
                        }
                        else
                        {
                            if ( isset($acces) && (!$acces->isAllowedAccessProject()) )
                            {
                                $errors[] = _LB_NOT_GRANTED;
                            }
                            else
                            {
                                $login->increaseLoginAttempts($_POST['login']);
                                if ($login->isDeactivated($_POST['login']))
                                {
                                    $errors[] = _LB_ACCOUNT_DEACTIVATED;
                                }
                                else
                                {
                                    $errors[] = _LB_INVALID_LOGIN_OR_PASSWORD;
                                }
                            }

                            $this->vars["message_error"] = $errors;
                            $this->vars["login"] = $_POST["login"];

                            $this->load->view('login.php', $this->vars);
                            exit();
                        }

                        //serialize current user

                        $_SESSION['user_serialize'] = serialize($acces);

                        $login->resetLoginAttempts($acces->email);
                        
                        if( $return_link == '')
                        {
                            Header( "Location: ".SITE_URL."?c=GetThePicture" );
                        }
                        else
                        {
                            Header( "Location: $return_link" );
                        }
                    }
                    else
                    {
                        if (isset($_POST["login"]))
                        {
                             if ( isset($acces) && (!$acces->isAllowedAccessProject()) )
                            {
                                $errors[] = _LB_NOT_GRANTED;
                            }
                            else
                            {
                                $login->increaseLoginAttempts($_POST['login']);
                                if ($login->isDeactivated($_POST['login']))
                                {
                                    $errors[] = _LB_ACCOUNT_DEACTIVATED;
                                }
                                else
                                {
                                    $errors[] = _LB_INVALID_LOGIN_OR_PASSWORD;
                                }
                            }

                            $this->vars["message_error"] = $errors;
                            $this->vars["login"] = $_POST["login"];
                        }                       
                        $this->display('login');
                    }

                }
            }
            
            
            
            //$this->load->view('login.php', $this->vars);
        }

		// You can place some more methods code here

        function logout(){
            $section = "logout";
            session_destroy();
            Header( "Location: ".SITE_URL."?c=Login" );
        }
    }
